+ """
+ Represents signed message (signeddata CMS type)
+ """
+ @staticmethod
+ def create(data, cert, pkey, flags=Flags.BINARY, certs=None):
+ """
+ Creates SignedData message by signing data with pkey and
+ certificate.
+
+ @param data - data to sign
+ @param cert - signer's certificate
+ @param pkey - pkey object with private key to sign
+ @param flags - OReed combination of Flags constants
+ @param certs - list of X509 objects to include into CMS
+ """
+ if not pkey.cansign:
+ raise ValueError("Specified keypair has no private part")
+ if cert.pubkey != pkey:
+ raise ValueError("Certificate doesn't match public key")
+ bio = Membio(data)
+ if certs is not None and len(certs) > 0:
+ certstack = StackOfX509(certs)
+ else:
+ certstack = None
+ ptr = libcrypto.CMS_sign(cert.cert, pkey.ptr, certstack, bio.bio, flags)
+ if ptr is None:
+ raise CMSError("signing message")
+ return SignedData(ptr)
+ def sign(self, cert, pkey, digest_type=None, data=None, flags=Flags.BINARY):
+ """
+ Adds another signer to already signed message
+ @param cert - signer's certificate
+ @param pkey - signer's private key
+ @param digest_type - message digest to use as DigestType object
+ (if None - default for key would be used)
+ @param data - data to sign (if detached and
+ Flags.REUSE_DIGEST is not specified)
+ @param flags - ORed combination of Flags consants
+ """
+ if not pkey.cansign:
+ raise ValueError("Specified keypair has no private part")
+ if cert.pubkey != pkey:
+ raise ValueError("Certificate doesn't match public key")
+ if libcrypto.CMS_add1_signer(self.ptr, cert.cert, pkey.ptr,
+ digest_type.digest, flags) is None:
+ raise CMSError("adding signer")
+ if flags & Flags.REUSE_DIGEST == 0:
+ if data is not None:
+ bio = Membio(data)
+ biodata = bio.bio
+ else:
+ biodata = None
+ res = libcrypto.CMS_final(self.ptr, biodata, None, flags)
+ if res <= 0:
+ raise CMSError("Cannot finalize CMS")
+ def verify(self, store, flags, data=None, certs=None):
+ """
+ Verifies signature under CMS message using trusted cert store
+
+ @param store - X509Store object with trusted certs
+ @param flags - OR-ed combination of flag consants
+ @param data - message data, if messge has detached signature
+ param certs - list of certificates to use during verification
+ If Flags.NOINTERN is specified, these are only
+ sertificates to search for signing certificates
+ @returns True if signature valid, False otherwise
+ """
+ bio = None
+ if data != None:
+ bio_obj = Membio(data)
+ bio = bio_obj.bio
+ if certs is not None and len(certs) > 0:
+ certstack = StackOfX509(certs)
+ else:
+ certstack = None
+ res = libcrypto.CMS_verify(self.ptr, certstack, store.store, bio,
+ None, flags)
+ return res > 0
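Review bot: In `sign`, `digest_type` defaults to `None` and the docstring promises the key's default digest in that case, but the `CMS_add1_signer` call reads `digest_type.digest` unconditionally, so calling `sign` without a digest raises `AttributeError` before libcrypto is reached. Resolve the argument first, e.g. `md = None if digest_type is None else digest_type.digest`, and pass `md` in its place; OpenSSL documents a NULL digest as selecting the default for the key algorithm. Separately, `verify` folds every non-positive `CMS_verify` result into `False`, so a caller cannot tell a bad signature from a processing error such as missing detached content; a docstring line such as `False is also returned when verification could not be performed` would make that explicit. The enclosing class starts before the first visible line of this hunk.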